One of the most effective ways for organizations to defend against spam and phishing emails is to prevent them from reaching employee inboxes in the first place. It's no wonder, then, that cybersecurity experts are sounding the alarm over a new hacking tool that circumvents even the most robust filters.
According to cybersecurity experts from Vade Security, the tool is called Email Appender and it's being sold, on a subscription basis, on the dark web. The researchers are claiming Email Appender is to blame for a recent “vast spam wave” that’s been hitting businesses worldwide.
Vade Security claims companies in Italy, France, Denmark and the US have already witnessed the full force of Email Appender, with one business allegedly receiving 300,000 spam messages in a single day. That business was even forced to shut down the affected accounts and reset credentials, which Vade describes as a “costly endeavor”.
Email Appender’s strength lies in the fact that it lets cybercriminals validate compromised account credentials, configure a proxy to avoid detection by IT and draft malicious emails. After that, depositing the spam directly into a compromised user’s inbox is just a matter of a few clicks, and because the message is written straight into the mailbox rather than delivered over SMTP, it never passes through the gateway filters.
The tool also comes with its own user interface, allowing criminals to customize emails, change the sender’s display name and set a reply-to address. Vade also believes the compromised email account credentials were most likely purchased on the dark web and then validated with Email Appender, which uses them to connect to the victim’s account via IMAP.
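Because a message written into a mailbox over IMAP never travels through the organization’s mail gateway, it typically lacks the `Received:` trace that gateway would have stamped on it. The following is an added illustration (not Vade Secure’s code and not part of the original article) of how a defender might triage stored messages on that basis; the gateway hostname `mx.example.com`, the `analyze` function and the sample messages are all constructed for this example.

```python
"""Heuristic triage for messages that appeared in a mailbox without passing
through the organization's mail gateway (for instance, messages written in
over IMAP with stolen credentials). Added example, not the vendor's code."""
import email
from email import policy
from email.message import EmailMessage

# Hostname of the organization's own inbound gateway. Placeholder assumption
# for this example; substitute the real gateway name(s) in production.
GATEWAY_HOST = "mx.example.com"


def received_hops(msg: EmailMessage) -> list:
    """Return every Received header in the order it appears (newest first)."""
    return [str(h) for h in msg.get_all("Received", [])]


def analyze(raw: bytes) -> dict:
    """Parse one RFC 5322 message and report why it looks gateway-bypassing.

    Note: Received headers are attacker-controlled text, so a forged gateway
    hop can evade this check. Treat a hit as a lead to confirm against the
    gateway's own delivery logs, not as proof on its own.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = received_hops(msg)
    findings = []
    if not hops:
        findings.append("no Received headers: message never transited SMTP")
    elif not any(GATEWAY_HOST in hop for hop in hops):
        findings.append(f"no Received hop from gateway {GATEWAY_HOST}")
    return {
        "subject": msg.get("Subject", ""),
        "hops": len(hops),
        "findings": findings,
        "suspicious": bool(findings),
    }


# Constructed sample: a message that was delivered normally through the gateway.
LEGIT = (
    b"Received: from mx.example.com (mx.example.com [192.0.2.10])\n"
    b"\tby mailstore.example.com with ESMTP id abc123;\n"
    b"\tMon, 2 Nov 2020 10:00:00 +0000\n"
    b"Received: from sender.example.net ([198.51.100.7])\n"
    b"\tby mx.example.com with ESMTPS id def456;\n"
    b"\tMon, 2 Nov 2020 09:59:58 +0000\n"
    b"From: Bob <bob@example.net>\n"
    b"To: alice@example.com\n"
    b"Subject: Q4 report\n"
    b"\n"
    b"Attached is the draft.\n"
)

# Constructed sample: a message written straight into the mailbox; no hops.
APPENDED = (
    b"From: Promotions <promo@example.org>\n"
    b"To: alice@example.com\n"
    b"Subject: Special offer\n"
    b"\n"
    b"Sample unsolicited body.\n"
)

# Constructed sample: carries a Received header, but none from our gateway.
FOREIGN_HOP = (
    b"Received: from relay.example.org ([203.0.113.5])\n"
    b"\tby relay.example.org with ESMTP id ghi789;\n"
    b"\tMon, 2 Nov 2020 10:05:00 +0000\n"
    b"From: Promotions <promo@example.org>\n"
    b"To: alice@example.com\n"
    b"Subject: Another offer\n"
    b"\n"
    b"Sample unsolicited body.\n"
)

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("appended", APPENDED), ("foreign", FOREIGN_HOP)):
        print(name, analyze(raw))
```

In practice this check would run over a mailbox export or a journal feed and its hits would be correlated with the mail platform’s audit trail of IMAP logins and with the gateway’s delivery records, since the header heuristic alone can be forged by whoever crafts the message.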
“The emergence of Email Appender as a subscription is a warning sign of what’s to come in the cybercrime-as-a-service space. Illegal services now available on the Dark Web allow low-tech criminals to pull off successful ransomware attacks. If Email Appender and other tools like it continue to prove so successful, they could go viral in the cybercriminal community,” said Adrien Gendre, Chief Product and Services Officer at Vade Secure.
“If and when this threat morphs into phishing, business email compromise, or malware, a platform like Microsoft 365 is ripe for attack. Most email security solutions for Microsoft 365 are not integrated with the platform via API but sit outside the Microsoft tenant. This means that not only do they not scan internal Microsoft 365 email for insider threats, but they also cannot act on malicious emails once they have been successfully delivered.”